CyberSecurity & Tech Operation, A Conflict of Interest

CyberSecurity & Tech Operation, A Conflict of Interest

Faisal I. Faisal I.

Faisal I.

CISO | National PKI Compliance Leader | Cybersecurity Advisor to Federal Govt | Digital Transformation Strategist

发布日期: 2019年7月11日
+ 关注

Cyber Security Operation team and Security architects are critical resources that ensure a business profit by ensuring business technology security. They minimize cybersecurity incident by continuous improvement of cybersecurity controls. In some organization, the reporting of cybersecurity resources are mislocated in organization organogram. They place the reporting line of cybersecurity resources to technology lead. Reporting of cybersecurity resources to technology team lead can create a conflict of interest. Technology lead resources will never communicate risk to higher management communicated by cybersecurity team because the higher management will raise questions on his/her working expertise. The conflict of interest between cybersecurity and technology lead can cause tense relation between both teams. As a result, either the cybersecurity team avoid communicate the technological risks or can lead to loss of good cybersecurity resources. Loss of good cybersecurity can affect the business profit in case of any cybersecurity incident. That loss can be in the form of organization reputation loss, disruption of business supporting technology that can create downtime or any regulatory fine. 

To resolve this conflict of interest between cybersecurity team and technology operation, security architect /Cybersecurity team should be reported to the Chief risk officer, CISO or business unit head. The purpose of this organogram design is to secure business interest. Each business generates revenue by defining some business function. Each business function is supported by technology to provide the best functionality. Any disturbance in technology due to cybersecurity incident can cause business technology malfunction. Technology lead resource is the business functionality technology custodian and cybersecurity team should work in parallel with technology lead. Both technology lead and cybersecurity lead should report to business leaders. By working in parallel they can ensure a business profit by secure use of technology.

No alt text provided for this image

Above diagram shows the recommended organogram of technology and cybersecurity. Business team and CISO work in parallel with technology head to support business functionality because together they can generate a profitable business.

要查看或添加评论,请登录

Faisal I.的更多文章

社区洞察

其他会员也浏览了